基本上,管理员和用户登录后应进入不同的窗口。问题是:在 C# 中如何分别以管理员和用户身份登录?下面是我的代码:
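/// <summary>
/// Handles the login button click: rejects empty input, looks the typed credentials up in
/// boardinghousedb.employee_table and opens the menu window when exactly one row matches.
/// </summary>
/// <param name="sender">Control that raised the event (not used).</param>
/// <param name="e">Event data (not used).</param>
private void cmdEnter_Click(object sender, EventArgs e)
{
    string username = this.txtUsername.Text;
    string password = this.txtPassword.Text;

    // Guard clauses: report the missing field(s) and leave the handler immediately.
    if (username == "" && password == "")
    {
        MessageBox.Show("Unable to fill Username and Password", "Error Message!", MessageBoxButtons.OK, MessageBoxIcon.Error);
        return;
    }

    if (username == "")
    {
        MessageBox.Show("Unable to fill Username", "Error Message!", MessageBoxButtons.OK, MessageBoxIcon.Error);
        return;
    }

    if (password == "")
    {
        MessageBox.Show("Unable to fill Password", "Error Message!", MessageBoxButtons.OK, MessageBoxIcon.Error);
        return;
    }

    try
    {
        // NOTE(review): the application connects as root with no password in the connection
        // string; a dedicated account limited to SELECT on this table would reduce the blast
        // radius of any query-level mistake.
        string myConnection = "datasource=localhost;port=3306;username=root";
        int count = 0;

        // The using blocks release the connection, command and reader on every path,
        // including when an exception is thrown (the original closed the connection only
        // in the "not correct" branch).
        using (MySqlConnection myConn = new MySqlConnection(myConnection))
        using (MySqlCommand selectCommand = new MySqlCommand(
            "select * from boardinghousedb.employee_table where username=@username and password=@password;",
            myConn))
        {
            // Bound parameters keep the typed text as data; it is never spliced into the SQL
            // statement, so quotes in the input cannot change the query.
            // NOTE(review): the password column is compared with the typed value as-is, which
            // implies passwords are stored in plaintext. Store a salted password hash
            // (e.g. PBKDF2) and verify it in code instead.
            selectCommand.Parameters.AddWithValue("@username", username);
            selectCommand.Parameters.AddWithValue("@password", password);

            myConn.Open();
            using (MySqlDataReader myReader = selectCommand.ExecuteReader())
            {
                while (myReader.Read())
                {
                    count++;
                }
            }
        }

        // The database resources are already released here, so the connection is not held
        // open while the modal menu dialog is showing.
        if (count == 1)
        {
            MessageBox.Show("Username and Password . . . is Correct", "Confirmation Message", MessageBoxButtons.OK, MessageBoxIcon.Asterisk);
            this.Hide();
            // NOTE(review): the matched row's columns are never read, so every successful
            // login opens the same window regardless of the account's role.
            Menu mm = new Menu();
            mm.ShowDialog();
        }
        else if (count > 1)
        {
            MessageBox.Show("Duplicate Username and Password . . . Access Denied", "Error Message!", MessageBoxButtons.OK, MessageBoxIcon.Error);
        }
        else
        {
            MessageBox.Show("Username and Password is Not Correct . . . Please try again", "Error Message!", MessageBoxButtons.OK, MessageBoxIcon.Error);
        }
    }
    catch (Exception ex)
    {
        // NOTE(review): raw driver messages can expose host or schema details to whoever is
        // at the login form; consider logging ex and showing a generic failure text.
        MessageBox.Show(ex.Message);
    }
}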
但我不知道该怎么做。其他教程讲的都是本地数据库,而我使用的是 MySQL。下面是 employee 表,其中 title 列的值为 admin 或 user。
首先,这段代码完全暴露在 SQL 注入的风险之下。您需要了解一下参数化查询。除此之外,我不清楚您在问什么。这段代码在哪方面不能正常工作?具体有什么问题? – David
似乎我可以登录*您的任何*帐户,只要我的密码是'PLAIN WRONG'UNION SELECT * from boardinghousedb.employee_table LIMIT 1; - ' – nvoigt
您检查 'if count == 1' 的做法不正确;即使是为了检查重复项,这样做仍然不正确。您需要设计数据库结构,使用户和管理员都有 Id,并让查询返回它。然后,在用户名和密码都正确的情况下,检查对方是否在本应是普通用户时尝试访问管理员功能,如果是就显示一条消息。另外请学习如何在显示消息之后使用 'return' 关键字:如果用户名和密码为空,您需要显示消息并立即 'return',也就是退出该方法。 – MethodMan